I created a presigned URL for a video file stored in S3 bucket. My application streams the video file using html5 video tag in a browser. Therefore to play the video, I am using the signed URL which can be accessed in frontend if we see the view source of a webpage. Anyone who gets access to the URL can read the file stored in the S3 bucket. Can we do anything to prevent this from happening?
1 Answers
When you create signed URLs or signed cookies to control access to your files, you can specify the following restrictions:
• An ending date and time, after which the URL is no longer valid.
• (Optional) The date and time that the URL becomes valid.
• (Optional) The IP address or range of addresses of the computers that can be used to access your content.
Set-Cookieheaders that set signed cookies on the viewers for authenticated users
One part of a signed URL or a signed cookie is hashed and signed using the private key from a public/private key pair. When someone uses a signed URL or signed cookie to access an object, CloudFront compares the signed and unsigned portions of the URL or cookie. If they don’t match, CloudFront doesn’t serve the object.
Hi Sam, I am aware that we can configure signed URLs for a specific duration. However my query is regarding another possibility. Lets say that a user views the front end page source by clicking on "View Page Source", he/she would be able to view the signed URL for the video file. And if the signed URL for the video file was configured for a longer duration, say 24 hrs, then anyone who has the presigned url can make unlimited hits using the URL. My query is how can we stop this from happening?
Set-Cookieheaders that set signed cookies on the viewers for authenticated users, so somebody else can not simply copy and use the url
Have you tried this and see if it works?